Cyber Insurance Buyer's Guide

Cyber Insurance

Buyer’s Guide

Introduction

Cyber insurance is a modern necessity to combat risks created by the digital economy

The business world has changed. Brickand-mortar offices have been replaced with digital storefronts, in-person meetings happen remotely, customer communications happen over email and chat, and business assets are increasingly digital and intangible. Technology is now an integral part of every organization.

All of these technologies make businesses more efficient and interconnected than ever before, but the benefits come with new risks that must be proactively addressed.

Cyber risk is the single-greatest concern for business leaders globally. 1 Cyber criminals are actively looking to exploit digital risks, and many businesses are unprepared and unable to respond to a cyber incident. Far too often, cyber attacks result in significant financial losses, reputational damage, and in some instances force businesses to cease operations.

What is cyber insurance?

In light of these growing threats, cyber insurance has become an essential aspect of the modern business’ risk management framework. Cyber insurance can provide protection from cyber attacks and digital threats, offering coverage for the losses associated with data breaches, cyber extortion, business interruption, and other cyberrelated incidents. Cyber insurance can also help your business access a wide range of specialized services to help mitigate the impact of cyber threats, including incident response teams, legal

and forensic experts, public relations support, and credit monitoring services.

Cyber risk is constantly changing and evolving, which can make businesses feel helpless. However, if your cyber insurance provider actively monitors your risk and sends routine security alerts, your business can improve its cybersecurity posture and prevent digital risk before it strikes.

No two cyber insurance policies are identical. When selecting a policy, businesses should look for comprehensive coverage that provides protection from dynamic cyber risks and addresses the most pervasive types of cyber events. We created this guide to help businesses navigate the complex cyber insurance market and confidently select the right coverage for their business. With a stronger understanding of how cyber insurance works, you can make informed decisions to help protect your businesses with greater peace of mind.

About Coalition

Coalition is the world’s first Active Insurance company, combining active cyber risk assessment, proactive protection, expert response, and comprehensive cyber coverage. Unlike traditional insurance, which is passive and slow to respond only after the worst happens, Active Insurance allows Coalition to actively partner with organizations to prevent digital risk before it strikes.

Understanding Cyber Risk

Why cyber attacks are the biggest threat to your business

Every technology your business uses comes with cyber risk: Email communications, websites, payment processors, even cellphones are vulnerable to a cyber attack. These technologies are essential to your business, and cybercriminals actively target weaknesses within these technologies for profit.

Cyber attacks are quickly becoming more common and most costly. Businesses of all sizes, and across various sectors, have become prime targets leading to a surge in the frequency and complexity of attacks. Total losses due to cybercrime exceeded $10.3 billion in 2022 — a 49% increase from the previous year.2

According to 2023 Coalition data, the average cyber insurance claim across all business sizes was $100,000, while small and midsize businesses (SMBs) experienced an average claim amount of $71,000.3

A cyber attack can take many forms. Ransomware, funds transfer fraud (FTF), and business email compromise (BEC) are some of the more prominent and impactful cyber threats facing businesses today. As a leading cyber insurance provider, Coalition regularly sees claims for each of these event types.

“Cyber-enabled crime has been around for many years, but methods used by perpetrators continue to increase in scope and sophistication emanating from around the world.”

Common Cyber Events by the Numbers

Ransomware

Ransomware is an attack in which a cyber criminal uses malicious software to prevent access to your data or computer system until you pay a ransom demand. Ransomware can take days or weeks to remediate, often resulting in operational downtime and substantial financial losses.

Accounted for 19% of all cyber events experienced by policyholders

Claims frequency increased 15% from previous year (2022)

Policyholders experienced an average claim amount of $263,000

Average ransom demand of $1.4M

Can your business survive a cyber attack?

Business Email Compromise Funds Transfer Fraud

BEC is a cyber attack in which a cybercriminal gains access to your email account through different means. Once your email account is compromised, the attacker may use the access to launch additional attacks, such as a data breach or funds transfer fraud. If your email account is compromised, it can require costly intervention to respond to the breach and determine if any data was stolen.

Accounted for 28% of all cyber events experienced by policyholders

Claims frequency increased 5% from previous year (2022)

Policyholders experienced an average claim amount of $27,000

As cyber attacks worsen, the need for cyber insurance becomes more apparent. Businesses of all sizes must recognize the growing threat posed by cybercriminals and prioritize cybersecurity measures that protect them from the potentially devastating consequences of cyber attacks.

FTF is a cyber attack in which a cybercriminal uses social engineering or other tactics to deceive you into sending money to an unintended recipient. FTF is often perpetrated after a BEC event, though the financial impacts of FTF are significantly greater.

Accounted for 28% of all cyber events experienced by policyholders

Claims frequency increased 15% from previous year (2022)

Policyholders experienced an average initial loss amount of $278,000

If you’re uncertain about your company’s resilience in the face of mounting cyber threats, now is the time to consider a cyber insurance policy that can provide both comprehensive coverage and other tools and resources, including an experienced incident response team, to help your business survive and recover quickly after experiencing a cyber attack.

Why Businesses Need Cyber Insurance

Protection from digital risk is no longer optional

Traditional insurance policies aren’t enough

Cyber insurance is an essential part of risk management that not only helps businesses cover the losses resulting from a cyber attack, but also includes tools and resources to help prevent attacks before they occur. With access to continuous risk monitoring and support from cybersecurity experts, cyber insurance offers organizations protection from the growing cybersecurity risks not covered by traditional insurance policies.

Most businesses take steps to ensure their physical operations are protected against damage and resulting general liabilities. However, traditional insurance policies weren’t designed with digital risks in mind.

General Liability (GL) insurance helps protect your business from third-party claims of injury, property damage, and negligence. Similarly, Business Owner’s Policies (BOP) and Crime insurance are typically limited to addressing physical damage of a tangible asset or bodily injury. But none of these insurance options provide adequate protection from the risks inherent in a digital-first world.

Protection from digital risks is no longer optional. Businesses are now choosing to prioritize cyber insurance policies and other cybersecurity tools to protect themselves.

Global cyber insurance market growth in the last 5 years6

Increase in cybersecurity spending in the last 4 years5 97% 3x 70%

Companies committed to maintaining or increasing cyber coverage in 20237

Debunking Cyber Insurance Myths

Whether it’s a lack of resources and funding or a misconception that cyber risks only impact large organizations, businesses delay purchasing cyber insurance for a few reasons:

“My business is too small to be a target.”

Many business owners mistakenly assume that small businesses with a low profile aren’t targets for cybercrime. In fact, threat actors are increasingly targeting small businesses, which can often have fewer security controls and limited IT security personnel.

PROOF POINT: 46% of all breaches impact businesses with fewer than 1,000 employees8

“We don’t rely on technology.”

Cybercrime doesn’t just affect data-rich companies. Every business that relies on technology to operate — cellphones, point-of-sale systems, payroll, etc. — may become a target of a cyber attack. In fact, email systems are commonly exploited by cyber criminals in phishing and similar attacks.

PROOF POINT: 3.4 billion emails containing a malicious link are sent every day9

“We already have protection from cyber threats.”

Cybersecurity tools are important in any cyber risk management strategy, but they’re only one layer of protection. Systematic protections that businesses employ to combat cyber threats can fail and often don’t mitigate human errors. In fact, many cybercrimes and security breaches against organizations are a result of human error.

PROOF POINT: 74% of all cyber breaches result from human error10

“We have coverage in our existing insurance.”

Traditional GL insurance isn’t designed to cover cybercrimes. Most package policies only cover third-party costs, leaving significant coverage gaps that can be detrimental to a business, like loss of revenue due to operational downtime or covering the cost of a ransomware payment.

PROOF POINT: 90% of small business owners say cyber insurance is just as important, or more important, than other types of business insurance.11

“Cyber insurance costs too much.”

Cyber insurance is a small financial tradeoff for those that rely on digital technology to grow and expand their businesses — and the cost of a cyber incident far outweighs the cost of cyber insurance premiums.

PROOF POINT: The average cyber insurance claim for businesses of any size is $100,00012

Assessing digital risks

Faced with a growing list of cyber threats and vulnerabilities, it can be hard to determine where to start. Fortunately, certain cyber insurance providers can help you assess your digital risks prior to purchasing a policy. Coalition provides free Cyber Risk Assessments that can help identify vulnerabilities based on your company’s digital footprint and the types of hardware and software used in your operations.

Selecting the Right Coverage

Prioritize policies that protect against dynamic cyber risks

What to look for in a cyber insurance policy

A cyber event can result in significant financial losses for your business, including damage to technology, loss of data, money directly lost through a FTF or ransom payment, third-party claims brought by customers and vendors, or lost revenue due to downtime and public perception.

However, not all cyber insurance policies are created equal. When shopping for a policy, it's important to focus on policies that offer comprehensive coverage by providing protection from dynamic cyber risks and the most pervasive types of cyber events. A comprehensive cyber insurance policy provides crucial coverage across five important areas outlined on the next few pages.

5 Important Areas of Coverage

1. Direct costs to respond

Responding to a cyber event typically requires numerous direct costs, also known as “first-party expenses.” If your business experiences a cyber attack, you may require incident response, legal services, forensic investigation, help facilitating a ransom payment, and breach notification to comply with regulatory requirements. Simple breach incidents can cost tens of thousands of dollars, while complex matters can increase costs exponentially. When evaluating a policy, look for the following coverages:

Breach Response → This covers the costs to respond to a failure of computer security or a data breach, including incident response services, customer notification, credit monitoring, and legal costs.

Crisis Management → This covers the costs to respond to a cyber incident, including public relations experts, media purchases, and voluntary notification costs.

Ransomware and Cyber Extortion →

This covers the costs to respond to an extortion incident, as well as a payment to a cyber threat actor.

2. Liability to others

Navigating the patchwork of laws and regulations after a company sustains a security incident or data breach is difficult for any organization, especially if you operate in a highly regulated industry across multiple jurisdictions. A ransomware attack or data breach can trigger liability to third parties and cause bodily harm or injury, quickly increasing a company’s losses. When considering a policy, look for the following coverages:

Network & Information Security

Liability → This covers the liability and legal costs arising from a loss by a third party due to a data breach or a breach in your company’s network security, such as unauthorized access, transmission of a virus, blocked access, or failure to provide notice of a security breach.

Regulatory Defense and Penalties →

This coverage reimburses you for claims, expenses, fines and penalties that your company becomes legally obligated to pay because of a regulatory proceeding resulting from a failure in your security or data breach.

3. Business interruption and reputation damage

A cyber event that impacts essential technology can have a significant impact on your ability to operate, which can be highly visible to customers and other stakeholders. Even short periods of disruption due to ransomware or cyber extortion can lead to direct loss of revenue and inhibit your company’s ability to operate, negatively impacting customers, employees, and delivery of products and/or services. When evaluating coverages, you should consider:

4. Cybercrime

Beyond ransomware attacks and data breaches, cyber events can result in financial losses. For example, funds transfer fraud can lead to losing thousands of dollars almost instantly. Attackers can also gain access to email accounts through social engineering techniques, like phishing or business email compromise (BEC), and use credentials to send fraudulent invoices or payment instructions to your customers, vendors, and other third parties. Look for the following coverages when shopping for a policy:

5. Recovery and restoration

After a cyber event, resuming operations may prove challenging. If malware damages or destroys essential technology, data, or physical equipment, you may need to bring in external support or purchase new equipment to re-secure systems. Full remediation, restoration, and recovery of your business operations following a cyber event, when possible, can take a significant amount of time and may require purchasing new software, systems, and consultants to rebuild the network. Look for the following coverages in a cyber insurance policy:

Business Interruption & Extra Expenses → This covers financial losses to your business resulting from a failure in your network security or a network systems failure, as well as certain additional expenses your business incurs to resume operations.

Reputational Harm Loss → This coverage reimburses your business for your lost net profit, or increased net loss, resulting from negative media exposure after your company experiences a cyber incident.

Funds Transfer Fraud → This covers funds transfer losses your business incurs from a failure in your security or social engineering.

Invoice Manipulation → This covers the net cost of receivables you cannot collect as a result of your customer being tricked into sending payment to fraudsters due to a security failure in your company’s network.

Phishing/Impersonation → This covers your costs to respond to a phishing attack impersonating you, including public relations, reimbursing your customers, and costs related to preventing and mitigating future incidents.

Computer Replacement → This covers the costs to replace computer systems whose integrity has been permanently altered by malware.

Digital Asset Restoration → This covers the costs to replace, restore, or rebuild your digital assets that are damaged or lost following a security failure.

Added Protections and Policyholder Benefits

Some cyber insurance policies go above and beyond industry standards to include additional coverages and policyholder benefits that may not be available elsewhere. Here are additional features to look for in a policy that can give you a distinct advantage in mitigating cyber risks:

Proactive Monitoring and Security Alerts

Knowing if you’re at risk is a key component of cybersecurity. Coalition continuously monitors policyholders for new and emerging threats in real-time and sends actionable security alerts to help businesses resolve vulnerabilities before they result in financial loss.

Unique Financial Recovery Tactics

Attackers often move money across jurisdictions to cover their tracks when committing funds transfer fraud and other cybercrimes. Coalition’s relationships with government entities and financial institutions drastically increase the chance of recovery by allowing us to move quickly and recover stolen funds.

Separate Limit for Breach Response Costs

Having separate limits for breach response allows you to preserve your limits for other coverages, like extortion and business interruption. Included in most Coalition policies, this benefit can provide a boost of confidence that your business will have sufficient limits to respond in case of an incident.

Pre-Claims Assistance

Time is of the essence when your business experiences a cyber attack. Coalition policyholders get the benefit of dedicated “pre-claims assistance,” which gives you the ability to seek guidance without fear of triggering a claim, which allows us to triage incidents and help prevent them from escalating into claims.

Access to Expert Incident Responders

Expertise is critical when dealing with a cyber incident. Policyholders have access to Coalition Incident Response* (CIR) for technical digital forensic and incident response services when dealing with a cyber incident and benefit from a $0 retention if they select CIR from Coalition’s panel of vendors.

“Pay on Behalf” Language

Breach response costs, ransom payments, and other first-party expenses can add up fast. Many cyber insurance providers require you to pay these fees directly and then seek reimbursement. But as a Coalition policyholder, you get the benefit of upfront costs handled on your behalf, so you don’t have to wait for reimbursement.

Cyber Insurance Buyer’s Checklist

Assessment Protection

Does the cyber insurance provider include any of the following to identify the right risks and coverage for your business?

S Real-time cyber threat analysis

S Customized business risk assessments

S Actionable security recommendations

What added benefits are provided to help keep your business safe throughout the duration of your policy?

S Proactive monitoring and security alerts

S Expert guidance on fixing vulnerabilities

S Pre-claims assistance

Coverage

Does the policy include comprehensive coverage that reflects the most common cyber incidents?

Direct Costs to Respond

S Breach Response

S Crisis Management

S Ransomware and Cyber Extortion

to look

in a

S Network and Information Security Liability

S Regulatory Defense and Penalties

S Funds Transfer Fraud

S Invoice Manipulation

S Phishing / Impersonation

Business Interruption and Reputation Damage

S Business Interruption and Extra Expenses

S Reputational Harm Loss

S Computer Replacement

S Digital Asset Restoration

S Separate Limit for Breach Response Costs

S “Pay on Behalf” Language

Not all cyber insurance policies are created equal.

Ask these questions to see if a provider or policy includes the essential coverage and added benefits necessary to help protect your business from cyber risk.

Response

Does the policy include added benefits to support your business in the event of an incident?

S Seamless security service add-ons like MDR (managed detection & response)

Case Study

Coalition helps school recover $1M+ after funds transfer fraud

While making routine online payments, a school unknowingly sent two wire transfers, totaling $1.3 million, to a cyber attacker. Once the cyber attack was reported, Coalition Incident Response* launched an investigation and determined an employee’s email account had been compromised. The attacker, posing as a business partner, convinced the school to send money to a fraudulent account. Fortunately, Coalition was able to successfully freeze the stolen funds and recover all but $500.

Coalition Clawbacks

When an FTF event occurs, cybercriminals often move money across various jurisdictions to cover their tracks. Through relationships with government entities, Coalition drastically increases the chance of recovery by moving quickly — and doing what others don't — to claw back stolen funds. In 2023, Coalition successfully clawed back more than $38 million in fraudulent transfers with an average recovery amount of $470,000. When shopping for a policy, look for a cyber insurance provider that employs an in-house claims team that prioritizes financial recovery tactics to help mitigate losses if a cyber event strikes.

$38 million

Total amount clawed back in 2023

102%

Increase in FTF recovery since 2022

$470,000

Average amount recovered per FTF claim

Case Study

Coalition helps manufacturer decrypt data without paying ransomware demands

A manufacturer with no data backups was rendered inoperable after getting hit by a ransomware attack. Locked out of its systems and projecting $1 million losses per day, the manufacturer worked with Coalition Incident Response* (CIR) to identify alternative options. Within one day, CIR was able to locate a decryption key for the ransomware variant and unlocked the systems, which allowed the manufacturer to promptly resume operations and avoid a seven-figure ransom payment.

Ransomware negotiation

No business ever wants to pay a ransom demand. However, when reasonable and necessary, Coalition will help guide your business through the process of negotiating and paying a ransom. In 2023, 36% of Coalition policyholders opted to pay a ransomware demand, and the average demand was $1.62 million.14 Through successful negotiation, CIR was able to reduce the amount paid down to an average of 64% of the initial demand. When shopping for a policy, look for a cyber insurance provider that works with a panel of expert incident responders.

$1.4 million 64% Average initial ransomware demand in 2023 Average payment decrease from initial demand via successful negotiation

How Much Does Cyber Insurance Cost?

In today’s dynamic market, the cost of cyber insurance can vary widely. Factors that can impact the price of a cyber insurance policy include:

Technology infrastructure: More insurance companies are using scanning technology as part of their application process to assess potential vulnerabilities in an organization’s tech stack. Thinking like a cybercriminal allows insurers to gain better insight into potential risk exposures.

Business industry: Cybercriminals often target some industries more than others due to perceived weaknesses in their technology or potential for a greater payday.

Company size and revenue: While businesses of all sizes are at risk of cyber attacks, larger businesses typically require larger limits and, thus, pay higher premiums.

Protected data: The more sensitive data a company transacts or stores, the more likely cybercriminals will be interested in stealing it, reselling it, or using it as leverage in a ransomware attack.

Coverage amount: Like other forms of insurance, cyber insurance costs are directly tied to how much coverage is purchased. For example, a $1 million policy will be more affordable than a policy that provides up to $15 million in coverage.

Other factors that can influence cyber insurance costs include: increasing demands in coverage, increasing costs associated with cyber incident remediation, and growing sophistication of cyber threats and attack methods.

If a business has experienced a cyber attack within the previous year, its cyber insurance premiums may also become more expensive upon renewal—similar to annual car insurance premiums increasing after a claim is made for an automobile accident. Businesses can improve their insurability and keep their premiums lower by choosing a cyber insurance provider that helps businesses proactively remediate risks and avoid claims.

Why Modern Businesses Choose Coalition

Prevent risk before it strikes with Active Insurance

The Coalition Advantage

Hundreds of thousands of businesses protect their businesses with Active Insurance. While other cyber insurance providers wait for a claim to engage, we use data and security insights to partner with you and help mitigate digital risks throughout the life of your policy. Comprehensive cyber coverage, innovative security tools, and world-class claims handling allows Coalition policyholders to focus on growing their business with protection and greater peace of mind.

64% fewer 52% HOW WE PERFORM: Coalition claims compared to cyber insurance industry average15 Reported matters handled without any outof-pocket payments by the policyholder16

ASSESS

Real-time, external view of cyber risk with customized recommendations

RESPOND

Immediate expert support to minimize impact and speed up recovery

PROTECT

Identify and prevent new threats with tailored remediation guidance and support

Comprehensive coverage to give peace of mind following an attack

Working with a broker?

Ask your broker for a quote from Coalition

Looking for a broker?

Get matched with a broker

Curious about your risk?

Get your free risk assessment

You are advised to read this disclosure carefully before reading or making any other use of the following reference material. The content of this material is (i) not all-encompassing or comprehensive; (ii) solely for informational purposes; (iii) not be construed as advice of any kind or the rendering of consulting, financial, legal, or other professional services from Coalition, Inc., or any of its Affiliates (collectively, "Coalition"); and (iv) not in any way intended to create or establish a contractual relationship. Any action you take upon the information contained herein is strictly at your own risk and Coalition will not be liable for any losses and damages in connection with your use or reliance upon the information. The contents provided herein may not apply directly to specific circumstances and professional advice should be sought before any action is taken in relation to the information disseminated herewith. Coalition makes no representation or warranties about the accuracy or suitability of information provided in the report or related materials. The report may include links to other resources, reference materials or websites which are provided for your convenience only and do not signify that Coalition endorses, approves or makes any representation or claim regarding the accuracy of copyright compliance, legality, or any other aspects of the resources or websites cited. Additionally, the claim scenarios described in this guide are intended to show the types of situations that may result in claims. These scenarios should not be compared to any other claim. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.

In the United States, insurance products are offered by Coalition Insurance Solutions, Inc., a licensed insurance producer